Manualshelf

Specifications

ManualsBrandsMcAfee ManualsOtherENDPOINT ENCRYPTION ENTERPRISE - BEST PRACTICES GUIDE
41424344454647484950
If you gave this custom McAfee Agent to your desktop team a year ago, it is probably outdated. It
becomes outdated if, for example you have made changes to your ePolicy Orchestrator server such as
rebuilding it with a new IP address, or checked in a newer version of the McAfee Agent into your server.
Keep the agent file up to date
It is important to download the latest agent file and give it to the appropriate teams so they have the
latest agent file version for new deployments. Make sure you know who has the agent executable in
your environment and always control it by choosing a central share that you update every time you
make changes to your agent.
Deploy from the McAfee ePO server
The quick and easy way to deploy the agent is directly from the McAfee ePO server. This method
works well if you have a smaller environment and good control over the environment with the
appropriate administrator rights. You can also solve situations where a few agents need to be
deployed to new machines on the network. See McAfee ePolicy Orchestrator 4.5 Product Guide for
details.
Troubleshooting agent deployment from ePO
The McAfee ePO server requires local administrator rights to deploy agents remotely. Plus the machine
you are deploying to must have:
Admin$ share enabled
Netbios enabled
No firewall blocking inbound communications
An easy way to troubleshoot the agent deployment is by attempting to connect to the potential agent
from the McAfee ePO server itself. To test the connection use the Microsoft Windows Run prompt and
type:
\\<machinename>\
Where "<machinename>" is the name of the machine being tested.
If you can connect to the share using credentials, you know the McAfee ePO server can deploy an
agent to the target machine. If you cannot open this share, there is no way the McAfee ePO server can
deploy an agent remotely.
Failure to connect to the target machine is usually because of a credential failure or a firewall that is
blocking netbios communication. Confirm you have the appropriate rights on the target machine
before trying to deploy the agent from the McAfee ePO server.
Synchronize with Active Directory
You can use deployment from the McAfee ePO server on its own or with Active Directory (AD)
synchronization.
ePolicy Orchestrator can import your machines from AD and subsequently push agents from the
McAfee ePO server using the remote deployment functionality. This can be scheduled using the McAfee
ePO server tasks to run at specific intervals, such as once per day. This process requires the following:
6
McAfee Agent
Deploying agents
46
McAfee
®
ePolicy Orchestrator
®
4.0 and 4.5 Best Practices Guide